• Michael Hanselmann's avatar
    http.auth: Fix bug with checking hashed passwords · 23ccba04
    Michael Hanselmann authored
    When username and password were sent for a resource not requiring
    authentication, it wouldn't be accepted if the user in question had a
    hashed password. The reason was that the function GetAuthRealm used to
    return None if no authentication was necessary. However, the
    authentication realm is necessary to verify hashed passwords. This is
    fixed by requiring GetAuthRealm to always return a realm and separating
    the decision whether to require authentication or not to a separate
    Signed-off-by: default avatarMichael Hanselmann <hansmi@google.com>
    Reviewed-by: default avatarIustin Pop <iustin@google.com>
auth.py 9.24 KB